Case Amplify Privacy and Security (HIPAA)
Case Amplify’s Privacy & Security
Clinician and patient trust is of the highest priority at Case Amplify. We hold ourselves accountable to a HIPAA-compliant data storage and processing protocol for all data captured and shared through our platform.
Internal Personnel Security
All Case Amplify employees are required to:
- Undergo background checks before being hired
- Complete annual security awareness training on HIPAA, privacy, and information classification
Secure Development Lifecycle
- All software changes are reviewed for compliance
- Case Amplify practices infrastructure-as-code. All infrastructure changes are reviewed before deployment
- All engineers complete secure development practices training
Cloud Hosting and Availability
- All hosting services and data is stored and processed within Microsoft’s Azure secure data centers
- Case Amplify has a HIPAA-compliant Business Associate Agreement with Microsoft
- Case Amplify leverages Azure’s high-availability infrastructure to ensure the data is always accessible
Confidentiality and Data Encryption
- All data is encrypted at-rest and in-transit using standard encryption schemes
Vendor Management
- All Vendors who may process patient information are required to be HIPAA compliant and sign BAAs with Case Amplify
- Case Amplify regularly reviews vendor security practices to ensure continued high standards
Artificial Intelligence
- All AI models are HIPAA-compliant and don’t retain data
- Protected health information is never used for AI training purposes
Patient Information
- Patient information is encrypted at-rest and in-transit
- Patient recordings are temporarily saved in a secure and HIPAA-compliant manner until note summaries and quality checks are complete, and then they are automatically deleted
- Patient notes can be manually deleted at any time or set to automatically delete after 30 days